ABSTRACT



A method and apparatus for authenticating a roaming subscriber. In a preferred embodiment, a subscriber receives a challenge that is in a format of a local authentication protocol, and determines whether the local authentication protocol is the subscriber's home system authentication protocol. If it is not, the subscriber converts the challenge into a format (e.g., bit length) compatible with its home system authentication protocol, and processes the converted challenge with the subscriber's secret key and authentication algorithm into an authentication response. The authentication response is converted to be compatible with the local authentication protocol and transmitted to a local system communication unit. The challenge and response are then forwarded to the subscriber's home system for similar conversion and processing, and the subscriber's response is compared against a home system generated response.

6 Claims, 9 Drawing Sheets 
METHOD AND APPARATUS FOR
AUTHENTICATION IN A COMMUNICATION
SYSTEM

This is a continuation of application Ser. No. 08/282,832, filed on Jul. 29, 1994, now U.S. Pat. No. 5,537,474.

FIELD OF THE INVENTION 

The present invention relates to communication systems and, more particularly, to authentication and encryption within communication systems.

BACKGROUND OF THE INVENTION

Many communication systems currently use authentication and encryption to enhance security of the systems. These communication systems include cellular radiotelephone communication systems, personal communication systems, paging systems, as well as wireline and wireless data networks. A cellular communication system will be described below by way of example; however, it will be appreciated by those skilled in the art that the authentication and encryption techniques described can be readily extended to other communication systems.

Turning to the cellular communication systems, these systems typically include subscriber units (such as mobile or portable units) which communicate with a fixed network communication unit via radio frequency (RF) communication links. A typical cellular communication system includes at least one base station and a switching center. The switching center that a subscriber unit accesses may not be his "home" switching center. In this case, the subscriber unit is termed a roaming subscriber unit. The switching center which the subscriber unit accesses (termed the "visited" switching center) must communicate with his "home" switching center via the public switched telephone network (PSTN) or other type of connection, such as a satellite link, to retrieve information about the subscriber unit and provide service billing information back to the "home" switching center.

One responsibility of the fixed network communication unit (such as a switching center, location register or authentication center) is to grant use of the communication system to the subscriber unit after the requesting subscriber unit meets the authentication requirements of the system. In a typical cellular telephone communication system, each subscriber unit is assigned a mobile subscriber identifier (MSI), which uniquely identifies the subscriber unit from other subscriber units. In the European cellular communication system, GSM (Global System for Mobile Communications), one such identifier is the international mobile subscriber identification number (IMSI). In order to protect the privacy of the IMSI, GSM calls for most subscriber-fixed network communications to use a temporary mobile subscriber identifier (TMSI) in lieu of the IMSI. In the U.S., EIA-553 §23 specifies that each subscriber shall have a mobile identification number (MIN) and a factory set electronic serial number (ESN). For convenience all such and similar identifiers will be referred to by the term MSI below.

Detection of a legitimate subscriber's MSI may be accomplished by RF eavesdropping or by purposeful or inadvertent divulgence of the MSI by the radiotelephone installer. Although the IMSI is more protected than the MIN/ESN combination from inadvertent divulgence, the IMSI remains similarly vulnerable to acquisition during RF eavesdropping. Under either protocol, once the subscriber's MSI is known (stolen), a thief may reprogram another subscriber unit with the stolen MSI, causing two or more subscriber units to have the same MSI. While cellular radiotelephone systems have authentication procedures to deny access to subscribers not having legitimate MSIs, most typically lack effective capability for detecting multiple users or for minimizing the effect of installer-leaked MSIs. As a consequence, legitimate users may be billed for both a thief's use of his MSI as well as their own usage.

Because of this problem with illegitimate subscribers (clones) and other forms of fraudulent access, several authentication protocols have been devised. In GSM the fixed network communication unit initiates the authentication process following receipt of a TMSI from the subscriber by generating and sending a challenge (a random or pseudo-random number, or RAND) to the subscriber. The subscriber is required to retrieve at least two enciphering elements from its memory: a predetermined ciphering algorithm (e.g., A38) and the subscriber's authentication secret key (Ki). The subscriber then mixes (enciphers) the RAND and Ki into a signed response (SRES) and transmits this signed response back to the fixed network communication unit. If the received SRES matches the network generated SRES (using the same algorithm and the subscriber's Ki stored in the network), the subscriber is authenticated for service.

In the USA, the United States Digital Cellular (USDC) and CDMA (Code Division Multiple Access) standards are known as IS-54 and IS-95, with an interworking protocol known as IS-41 (all published by the Electronic Industries Association (EIA), 2001 Eye Street, NW, Washington, D.C. 20006). These use the same basic authentication protocol, utilizing a series of specialized messages which must be passed between the subscriber and a communication unit of the network before system access is granted. However, the IS-54/95 protocols employ a "global challenge" of 32 bits in length, as compared with the 128 bit RAND used in GSM. When this challenge is mixed (or encrypted) together with a shared secret key (the SSD_A), the result is an 18 bit signed response (AUTH_R) (contrasting with the 32 bit SRES in GSM). Further processing, using the same algorithm and additional shared secret data (SSD_B) or using a different algorithm, is used to generate the message encryption algorithm key and voice privacy mask.

A fundamental problem with having these significantly different authentication protocols is that there is no effective way to provide for "seamless" roaming for subscribers across air interface boundaries. This means that to provide for dual air interface phones, under known methods the subscriber would be required to additionally maintain dual identifiers (and dual accounts) and secret keys for each of the protocols used in the two systems. Even where the subscriber possessed a smart card or detachable subscriber identity module (SIM) capable of use in handsets of different systems, the user would still be required to maintain dual identifiers and have the equivalent of two SIMs and dual registrations for each smart card.

The concept of universal personal mobility has emerged as an important feature of advanced communications networks. However, such universal personal mobility will only be achieved when a user can be readily authenticated even in visited systems employing authentication protocols differing from those of his home system. Therefore, a need exists for a privacy and authentication technique which can alleviate these problems and allow for user roaming across system boundaries.
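As an added illustration (not code from the patent), the following Python models the bit-length bridging that the abstract and the first embodiment describe: a 32 bit IS-54/95 global challenge is padded with an alternating bit pattern chosen by its parity into the 128 bit RAND_H a GSM SIM expects, the SIM's 32 bit SRES is truncated to an 18 bit AUTH_R, and the home HLR repeats the same conversion to verify the forwarded RAND/AUTH_R pair. The GSM A3/A8 algorithms are stood in for by HMAC-SHA256, and placing the 32 bit RAND in the high-order bits, mapping odd parity to the "1010..." pattern, and keeping the high-order 18 bits of SRES are assumptions of this example, not details given in the patent.

```python
import hashlib
import hmac
import secrets

# Bit lengths as the patent describes the two protocols.
GSM_RAND_BITS = 128
GSM_SRES_BITS = 32
USDC_RAND_BITS = 32
USDC_AUTH_R_BITS = 18


def rand_to_rand_h(rand32: int) -> int:
    """Convert a 32-bit IS-54/95 global challenge into a 128-bit RAND_H.

    The 96 missing bits are an alternating pattern whose phase depends on
    the parity of the 32-bit RAND (assumption: odd parity selects '1010...',
    even parity '0101...'; the RAND occupies the high-order bits).
    """
    if not 0 <= rand32 < 1 << USDC_RAND_BITS:
        raise ValueError("RAND must be a 32-bit value")
    fill_bits = GSM_RAND_BITS - USDC_RAND_BITS
    odd_parity = bin(rand32).count("1") & 1
    pattern = "10" if odd_parity else "01"
    fill = int(pattern * (fill_bits // 2), 2)
    return (rand32 << fill_bits) | fill


def a3a8(ki: bytes, rand_h: int) -> tuple:
    """Stand-in for the SIM's A3/A8 (assumption: HMAC-SHA256, not the real
    GSM algorithms). Returns (32-bit SRES, 64-bit Kc)."""
    mac = hmac.new(ki, rand_h.to_bytes(GSM_RAND_BITS // 8, "big"),
                   hashlib.sha256).digest()
    sres = int.from_bytes(mac[:GSM_SRES_BITS // 8], "big")
    kc = mac[4:12]
    return sres, kc


def sres_to_auth_r(sres: int) -> int:
    """Truncate the 32-bit SRES to the 18-bit AUTH_R the visited system
    expects (assumption: the high-order 18 bits are kept)."""
    return sres >> (GSM_SRES_BITS - USDC_AUTH_R_BITS)


def subscriber_respond(ki: bytes, challenge: int, challenge_bits: int):
    """Subscriber side: if the challenge is already in home (GSM) format, run
    the SIM directly; if it is the visited system's 32-bit format, convert
    it, run the SIM, and convert the response back. Returns (response, Kc)."""
    if challenge_bits == GSM_RAND_BITS:        # home protocol: no conversion
        return a3a8(ki, challenge)
    if challenge_bits == USDC_RAND_BITS:       # visited IS-54/95 protocol
        sres, kc = a3a8(ki, rand_to_rand_h(challenge))
        return sres_to_auth_r(sres), kc
    raise ValueError("unsupported challenge length")


def hlr_verify(ki: bytes, rand32: int, auth_r: int):
    """Home HLR/AuC: repeat the subscriber's conversion on the forwarded
    RAND/AUTH_R pair and compare in constant time.
    Returns Kc on success, None on failure."""
    if not 0 <= auth_r < 1 << USDC_AUTH_R_BITS:
        return None
    sres, kc = a3a8(ki, rand_to_rand_h(rand32))
    expected = sres_to_auth_r(sres).to_bytes(3, "big")
    if hmac.compare_digest(expected, auth_r.to_bytes(3, "big")):
        return kc
    return None


def visited_triplets(ki: bytes, n: int = 5):
    """HLR pre-computes extra challenge/response sets for the visited VLR,
    already converted to visited-system (RAND, AUTH_R, Kc) format."""
    out = []
    for _ in range(n):
        rand32 = secrets.randbits(USDC_RAND_BITS)
        sres, kc = a3a8(ki, rand_to_rand_h(rand32))
        out.append((rand32, sres_to_auth_r(sres), kc))
    return out


if __name__ == "__main__":
    ki = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed Ki
    rand32 = 0x12345678                                     # constructed RAND
    auth_r, kc = subscriber_respond(ki, rand32, USDC_RAND_BITS)
    ok = hlr_verify(ki, rand32, auth_r) == kc
    print(f"AUTH_R={auth_r:05x} verified_at_home_system={ok}")
```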

BRIEF DESCRIPTION OF THE DRAWINGS 

FIG. 1 is a block diagram showing a first embodiment of a communication system having a subscriber unit and a fixed network communication unit in accordance with the present invention.
FIG. 2 is a diagram depicting a subscriber roaming between systems in accordance with the present invention.

FIG. 3 is a flowchart of an authentication process used in accordance with a first embodiment of the invention.

FIG. 4 is a flowchart of an authentication process used in accordance with a second embodiment of the invention.

FIG. 5 is a diagram depicting another system providing for roaming in accordance with the invention.

FIG. 6 is a diagram depicting yet another system allowing for roaming in accordance with the invention.

FIG. 7 is a flowchart of an authentication process in accordance with a third embodiment of the invention.

FIGS. 8 and 9 are flowcharts of an authentication process in accordance with a fourth embodiment of the invention.

DETAILED DESCRIPTION

These needs for providing authenticated roaming across system boundaries are met through provision of a method and apparatus for authentication of the subscriber with his own system even when located in a visited system. This authentication is accomplished, in an illustrative embodiment of the invention, by first providing the subscriber with a subscriber identification unit (SIU) containing a subscriber identifier (MSI) and secret key (e.g., an A-key, Ki or the like). A processor is also provided, either in the subscriber unit or (in the case of embodiments such as described in connection with FIGS. 8 and 9 below) in fixed units, providing a necessary conversion between the home system authentication formats and the visited system authentication formats. An interworking function is also provided connecting the various systems, typically connected as an adjunct or part of a location register or switching center.

FIG. 1 generally depicts a subscriber communication unit 110 such as a cellular subscriber telephone and a fixed network communication unit 130, such as a cellular telephone base site and switching center. The subscriber unit 110 is generally depicted showing its RF stage 112 for receiving and transmitting RF signals, a microprocessing stage 114 connected to the RF stage and also connected to a memory 115. In addition the subscriber unit 110 is illustrated with an embedded subscriber identification unit (SIU) 116 generally illustrated including a microprocessing unit 118 and a memory 119. The SIU may be a detachable module such as the subscriber identity module (SIM) found in GSM phones. In accordance with the GSM protocol, such an SIU would have embedded within it both the subscriber identifier (IMSI) and secret key (Ki), as well as appropriate authentication and key agreement algorithms (A3 and A8; A5 resides in subscriber unit 110) to perform the security functions desired for the subscriber unit. In this respect the SIM is a smart card. It should be understood that while the subscriber unit 110 is illustrated having the SIU 116 embedded therein, various embodiments of the invention described below will show use of an SIU, such as a smart card, in arrangements where it cannot be permanently integrated within a subscriber unit. Further, it is possible for the functions of the SIU to be carried out within an appropriately structured subscriber unit using the memory 115 and processor 114 of the subscriber unit 110, as long as the unit is appropriately equipped with additional circuitry for communicating the security information, such as is discussed further in connection with FIG. 6 below. One skilled in the art will thus recognize that while there are a variety of ways by which the user's security information (e.g. identifier and secret key) can be maintained and accessed for authentication and privacy functions, the descriptions here and of the SIU only represent the presently preferred embodiment in connection with the cellular radiotelephone system. Additional elements which may be accessed by the microprocessing stage 114 of the subscriber unit 110 may include data storage devices, [illegible] such as keypads, voice microphones, [illegible] a random number generator (for generating random challenges from the subscriber unit) and appropriate encryption/decryption circuitry.

For the current USDC phones not making provision for a detachable SIU, the subscriber identifier (MSI, which may include the mobile identification number (MIN) and/or electronic serial number (ESN)) resides in a semi-permanent memory. A 64 bit secret key called the "A-key" also resides in this memory. This A-key is also maintained in the home location register (HLR) for the subscriber in its home system. In order to minimize the need for inter-network traffic while also maintaining the A-key as a secret key between the subscriber and the HLR alone, IS-54/95 provide for a temporary shared secret data key (SSD) for use in authentication and encryption. This SSD key is generated based on the input of a 56 bit challenge received along with a "change SSD" command and the A-key. Although the A-key is not shared, upon computation of the SSD, the home system HLR will generally share the SSD with other requesting location registers (known as "visitors location registers" (VLRs)).

The next time an authentication event occurs, such as a registration attempt of the mobile subscriber unit within a service region, the serving system issues a 32 bit random challenge (RAND) on the global overhead channel. This RAND is input together with the SSD in a common algorithm used throughout the system to generate an 18 bit authentication response (AUTH_R). If the subscriber is in a visited system, the AUTH_R calculated in the subscriber is communicated via the fixed network communication unit 130 of the visited system to the home system HLR, together with the RAND. The HLR then performs its own calculation of AUTH_R using the RAND and the known SSD for the subscriber. If the AUTH_R provided by the subscriber is correct, the home system generally, and in a preferred embodiment, provides the SSD to the visited system, along with other user data, in order that the visited system can perform future authentications without the need for further interactions with the home network. Autonomous authentication by the visited network is then possible through the use of this shared SSD and the common authentication algorithm. In addition to the initial calling request, authentication may occur, e.g., upon the invocation of special calling services, upon the occurrence of a predetermined period of traffic communication, or upon events such as a request for a subscriber terminated call. In addition to providing for further authentication, the SSD is also used in determining an appropriate message encryption algorithm key and voice privacy mask.

Returning to FIG. 1, a fixed network communication unit 130 is generally depicted including a switch center (MSC) 134 having a processor stage 140, a database or location register 142, a RAND generator 136 and encrypter/decrypter 138. Where the location register 142 is a VLR, the secret key 146 stored there would be the SSD, along with any generated crypto key or voice privacy mask. In order to maintain the privacy of the A-key, this secret key 146 is only stored in the home location register (HLR) of the subscriber, along with MSI 144 and location information 148 regarding the subscriber's last registered location. The RAND generator 136 is used in generating the challenges, which are typically generated at the switch center 134 connected with the serving base station 132 in communication with the subscriber unit 110. The fixed network communication unit 130 is in turn connected with a public switched telephone network (PSTN) 150. The PSTN link can be used for connecting circuit switched calls to fixed end systems, as well as to link VLRs to HLRs as may be required for authentication and billing of roaming subscribers. While the above described IS-54/95 approach towards authentication allows for limited roaming within a system using a USDC protocol, there is at present no process by which a subscriber roaming out of his home system can still be authenticated in a system using a different authentication protocol. Turning now to FIGS. 2 and 3, a solution to this problem is illustrated in a first embodiment of the invention. In FIG. 2, a dual air interface subscriber unit (SU) 210 is shown roaming out of its home system, a GSM system, into a visited system, one complying with USDC or CDMA standards (IS-54/95). This subscriber is also carrying a subscriber identification unit (SIU) 216 for use in the subscriber unit 210, similar to those illustrated in subscriber unit 110 and SIU 116 of FIG. 1. In accordance with GSM standards, SIU 216 would typically be a SIM or smart card attachable to subscriber unit 210. Because subscriber unit 210 is a dual air interface phone, its RF stages [illegible] systems using different air interfaces. By virtue of the present invention subscriber unit 210 is also able to be authenticated in the different systems. In the particular embodiment of FIG. 3, the subscriber unit 210 is equipped to carry out the necessary conversions for authentication. Thus, the SIU 216 may simply be a standard GSM SIM card, requiring no further processing than would be expected within a standard GSM system.

As alluded to before, the GSM authentication protocol differs significantly from that of a typical USDC authentication protocol described above. In GSM each SIU, or SIM, is programmed with the subscriber's unique "international mobile subscriber identity" (IMSI) and a 128 bit secret key, Ki. This IMSI and Ki are also retained in the HLR of the home system. In a typical GSM switching center 235, the actual storage location for the IMSI and Ki is an authentication center (AuC) 245 (a processor and database) connected to the HLR 243. When in its home system, and if subscriber unit 210 is in a service region served by its home location register, upon registration the HLR/AuC 243, 245 will generate a 128 bit challenge (RAND) and communicate this to the subscriber unit. At the same time, the HLR/AuC 243, 245 will calculate a 32 bit signed response (SRES) using the RAND and secret key Ki in a mixing algorithm (A3). A session key, or secret encryption key (Kc), is also calculated using a separate algorithm (A8). At the same time the SIU 216 in subscriber unit 210 calculates SRES and Kc using the received RAND and stored Ki. SRES is then transmitted back from the subscriber unit 210 and forwarded to HLR/AuC 243, 245 for comparison with its internally calculated SRES. If there is a match, Kc is stored as an encryption variable and service is allowed to proceed. When roaming within the home system, the fixed network protocol is varied to allow for the fact that Ki is not shared with VLRs. Thus, upon registration of the subscriber unit 210, a request will be sent to the HLR for an appropriate number of triplet sets, each set consisting of a RAND, SRES, and Kc. Upon receipt, the VLR will then issue the challenge RAND, compare the response SRES, and if there is a match begin service using Kc as an encryption key.

The present invention allows for authentication across boundaries for systems like GSM and IS-54/95, while still leaving unchanged the air interfaces and authentication protocols used when a subscriber unit is operating within its home system. This is accomplished within the embodiments of FIGS. 2 and 3 by beginning with the issuance of a RAND at the serving communication unit 234 of the visited system 202. This is in keeping with the usage within a USDC type system, where a global challenge (RAND) is already being communicated to subscriber units entering a given cell coverage area 206 (step 305).

Upon recognition that the subscriber unit is in a visited system (step 310) (recognized, for example, by predetermined selection by the user, or from decoding of information from the visited system such as the overhead messages of authentication peculiar to the visited system protocol), subscriber unit 210 will convert the received RAND to the home system format (RAND_H). This conversion may be done, for example, in the microprocessor 214 of unit 210. (Coming from a GSM system to an IS-54/95 type system) such a conversion could be done by concatenating the 32 bit RAND received by the subscriber unit with an alternating high and low bit pattern ("one zero one ..." or "zero one zero ...", depending on the parity of the 32 bit RAND) into a 128 bit RAND expected by the SIU/SIM 216.

Being a typical GSM SIM, SIU 216 in turn calculates a 32 bit SRES [illegible]. Subscriber unit 210 then converts the SRES by truncating the 32 bit SRES to an 18 bit AUTH_R, and communicates the AUTH_R to the visited system communication unit 234 (steps 325-340).

In the preferred embodiment the switch center 234 next communicates the received AUTH_R, the 32 bit RAND, and subscriber identity (MSI) to the home system 204 via PSTN 250. It is thus assumed that no extra computational requirements are added to the visited system, since the necessary reconversion will be done by the home system at its service center. One skilled in the art will readily appreciate, however, that the necessary protocol conversions could be performed either in the visited system 202 service center 234 or in the home system 204 service center 235. A skilled artisan would also understand how to implement a necessary interworking function, in light of the invention, at either or both of the switching centers 234, 235 such that the signaling information communicated via PSTN 250 can be received and understood at the receiving switching center. Thus, the visited system 202 could implement the necessary conversion/interworking functions such that, should the home system 204 not respond to ordinary signaling and an "unconverted" AUTH_R/RAND pair, the visited system could do the necessary conversion and forward appropriately formatted information to the switch center 235 in home system 204.

On receipt of the AUTH_R/RAND pair and subscriber identity (MSI), HLR/AuC 243, 245 of home system 204 converts the 32 bit RAND into 128 bit RAND_H using the same conversion protocol as applied by SIU 216. SRES and Kc are then calculated using the retrieved Ki and RAND_H, and a converted SRES (truncated in this example) is compared with the received AUTH_R. The visited system 202 switch center 234 is then notified whether subscriber unit 210 has been authenticated. If subscriber unit 210 has been authenticated, a Kc is forwarded as a secret session key for encryption purposes. (Steps 345-365).

In order to minimize inter-system signaling, it is preferable to generate and send an additional set of challenge response triplets to VLR 242 for use in subsequent authentication. In this case, HLR/AuC 243, 245 will also generate additional sets (typically five) of Kc-RAND_H-SRES triplets; in keeping with the above embodiment, HLR 243 will further process the RAND_H-SRES output into the visited system formatted RAND-AUTH_R pairs.

An alternative approach which would additionally utilize historical information in the authentication process would be that of converting the RAND_H into n RANDs where n is a number such as six. In other words, the 128 bit RAND_H could be segmented into six 24 bit RAND_Us used for authentication of ongoing communications within an IS-54/95-type system. Once converted, the triplets would be forwarded to VLR 242 along with the initial session encryption key (Kc), and communications by subscriber unit 210 would then commence within the visited system 202. The visited system 202 would then communicate a RAND_U upon the occurrence of a challenge event, and subscriber unit 210 would store each of the RAND_Us until all n had been received. The subscriber unit would throw away any bits in excess of 128 from the combined n RAND_Us and input the RAND_H into the SIU 216. SIU 216 would in turn generate a SRES from the RAND_H and output the SRES for conversion to an AUTH_R for transmission to the visited system 202. In a more flexible approach, the subscriber unit 210 could instead store the RAND_Us in a first-in-first-out register, using a predetermined fill pattern or the like when the register is not yet full to convert the stored bits into a 128 bit RAND, and otherwise using the last-in 128 bits as a RAND having historic information; the HLR would have already calculated an expected SRES taking into account this challenge approach. In either approach, upon appropriate authentication, communications would continue using the new Kc for the encryption variable. (Steps 365-395).

FIG. 4 next illustrates an alternative embodiment of the invention, with a particular view towards roaming subscribers using dual air interface phones, but for which their home system uses an IS-41/54/95 authentication protocol. As with the embodiment of FIG. 3, should the subscriber unit 210 recognize that it is in its home system, authentication would proceed in accordance with the home system authentication protocol (Steps 315-320; 410-425). If the subscriber unit 210 on the other hand recognized that it was in a GSM system, it would commence by sending the subscriber identifier (MSI) to the serving base station using the appropriate air interface protocols. The fixed network communication unit, for example switch center 235, would then establish a connection via PSTN 250 to the home location register in the home system (which for purposes of discussion in FIG. 4 is considered within switch center 242). In a preferred embodiment, the subscriber profile maintained in the HLR would also note whether subscriber unit 210 or SIU 216 maintained a copy of the algorithm used in the visited system (e.g., the A38) or a special purpose algorithm or extension on the home system algorithm (e.g., for processing non-standard bit-length challenges or responses, without requiring storage of the visited system algorithm). If the same algorithm is used, the home system would then forward the shared secret data (SSD) of 128 bits to the visited system for use as a temporary secret key (Ki-temp). The visited system would generate the necessary RAND-SRES-Kc triplets from the Ki-temp and communicate the first RAND to the subscriber unit 210 for appropriate response. In response the subscriber unit would generate a SRES and Kc using its stored SSD and the A38 algorithm, and send the SRES to the visited system. (Steps 435-470).

Should the subscriber unit/SIU 216 not be equipped with appropriate visited system authentication algorithms, the home system would generate and send GSM compatible RAND-SRES-Kc triplets to the visited system. The visited system would again challenge the subscriber unit and compare the generated SRES from the subscriber unit (Steps 440-475). Depending upon the received SRES, service is either allowed to commence or terminated. (Steps 475-485).

It should be appreciated that there are many variations on the methods described in FIGS. 3 and 4, depending upon such factors as the programming of SIU 216 and subscriber unit 210, and the conversion and inter-networking capabilities of the switching centers and location registers. Thus, in the case of the embodiment illustrated in FIG. 4, an even more secure approach could be achieved by requiring the generation of a RAND and forwarding of a signed response to the home system before release of the SSD to the visited system. One skilled in the art will appreciate that preferences for such approaches will depend upon competing factors such as [illegible] and the liability incurred by the increased inter-system signaling traffic and consequent delay forced on the subscriber during authentication.

FIG. 5 illustrates yet another embodiment for achieving inter-system authentication and a more universal personal mobility for subscribers. In this illustrated embodiment, either the subscriber unit 510 or a detachable subscriber identity unit (SIU) 516 contains the necessary authentication information for the subscriber, although subscriber unit 510 is not equipped as a dual air interface phone. Where SIU 516 is detachable from a slot 512 in subscriber unit 510, the subscriber may readily roam using the SIU 516 and an appropriately configured temporary subscriber unit 511 obtained for use within a visited system 502.

One particularly advantageous apparatus for achieving this universal mobility would be the use of a temporary subscriber unit terminal 505 (in this example a dispenser box) located at some entry point into the visited system, such as an airport or border crossing. In order to obtain a temporary subscriber unit 511, the subscriber would only need to present SIU 516 to terminal 505. To provide for more security, a user PIN could be optionally required and entered via data entry interface 519 on the terminal 505. Smart card reader 517 would then obtain subscriber identity information (MSI) and alert the terminal to connect with a visitor location register (VLR) 542 of the local system. In response the local system would generate a RAND and forward this to terminal 505. Upon determination of the subscriber's home system authentication format, for example from information in the MSI, the local system 502 or terminal 505 would convert the generated RAND into a home system format (RAND_H) for input to SIU 516. SIU 516 in turn would generate a signed response (e.g. SRES, but hereinafter more generally "RESP") and encryption key (e.g. Kc) using its secret key (e.g. Ki), and output the Kc and RESP to the terminal 505. Terminal 505 then forwards the MSI, location information (if not already present in the VLR), RAND_H and RESP to the local system switch center or VLR 542, for forwarding to the home system 504 home location register 543.

Upon retrieval of Ki, the home system would calculate RESP and Kc using the RAND_H and Ki and determine whether an authentication match existed. The result would be forwarded to the terminal 505 via PSTN 550 and VLR 542, along with a Kc for use as a temporary secret key (A-key). Upon receipt, terminal 505 would load the temporary A-key into temporary subscriber unit 511 (in its temporary, or volatile, memory) and activate and dispense temporary subscriber unit 511 to the subscriber, and return the SIU 516. (Steps 705-750 of FIG. 7). When done, the subscriber would return temporary subscriber unit 511 via return slot 513 in terminal 505 or a similar terminal.

If the subscriber were roaming with a subscriber unit that did not have a detachable SIU 516, such as is more typical of current USDC-style phones, this same inter-system roaming could be achieved by appropriate modification to subscriber unit 510. Since subscriber unit 510 would have the necessary secret key information and algorithms for initial authentication, subscriber unit 510 need only be modified to include a data interface 512 such as metal contacts coupled to the MPU. Thus, instead of inserting SIU 516 into an appropriate reader 517, the subscriber unit could be placed in an appropriately configured receiving slot 515 on the terminal 505 and authentication information communicated between terminal 505 and subscriber unit 510 via contacts 512. The receiving slot could also be an RF chamber capable of receiving and communicating with subscriber unit 510 via an antenna and the subscriber unit's home air interface (using appropriately provided and configured processors and transceivers for all air interfaces to be serviced). Although such approaches are less convenient than one

[...] encryption for the temporary subscriber unit 511 would proceed using the A-key and visited system protocols.

In yet another alternative approach, where the temporary subscriber unit 511 is equipped for reading a smart card (or SIM), terminal 505 can be preloaded with cards having [illegible] Ki/MSI combinations, and as soon as the subscriber is authenticated, a smart card can be dispensed and [illegible] reported to the local (GSM) system. Further privacy and authentication using the SIM would proceed according to the local authentication protocol.

Turning to the embodiment of the invention [illegible], one method by which authentication can be performed is further illustrated in FIGS. 8 and 9. Unlike the previous embodiments, which were [illegible] for allowing roaming of a subscriber unit or a temporary subscriber unit across system boundaries, the embodiment of FIG. 6 illustrates a further extension to allow for roaming across system boundaries and with multiple subscriber units. Rather than relying upon subscriber identity modules (SIMs) or smart cards to access service to one subscriber unit at a time, the [illegible] subscriber (or user)

which each subscriber has an SIU, they nonetheless provide * ^""j! ^f^TSfW subsm ^£f 

e « ^ u-v* e *u u n, u does the SIU need to be detachable (and so more susceptible 

for much greater mobility for the many subscribers having , . . . , , . . , • 

• j i tL ^ \ • a • T to being misplaced), but may be embedded in any conve- 

ldentifier/authentication information retained in a memory . ^ » ;f :2 ™. u •* •« i • 

„ ,„u<.^w meilt subscriber unit Two such units are illustrated in FIG. 

within their subscriber units. , .... . . _ . . , _ . 

«, , « , « M , . , 6, a small candy bar^-sized phone 660, or even smaller yet 

While the above embodiment has been described with a watcn . si2ed ^ ^ x advances m notarization 

view towards one subscriber umt roaming between systems 30 wm ^ eyen smaller ^ more conve niently sized 

usmg different aumenucauon protocol, it is also possible to objectg (fof ex le ns ^ me ^ to serve as a primary 

use an implementetion like terminal 505 to provide for Scriber umiltoring the user's subscriber identity unit 

mobility of subscribers having a subscriber unit 510 com- . . „ , , , , A . , , 

patible with only one air interface and one authentication ^ Uus **** embodiment the subscriber unit includes a 

protocol. Initial authentication could proceed, once contact 3 5 m f ns . 1 for es*bkshing a proximity link to a temporary 

via interface 512 on subscriber unit 510 is established at subscriber unit terminal By proximity is meant a limited 

terminal 505, via established similar system protocols. In ™& (typically less than 10 meters) and thus reasonably 

order to allow for greater mobility of the temporary sub- g^ate or secure, commumcabLon t link. This is depicted in 

scriber unit, however, once authentication is initially estab- ™- 6 s ^ort range light-frequency (infrared) link 

lishe4 the temporary subscriber unit could be programmed 40 fransceivers 665 and 667 on subscriber unit 

via terminal 505 with a temporary A-key, which would act 660 and termmal 605,^^.111^ 

as the user's secret key for the duration of the rental. This ^ manuaUy, such as by depressing button 662 or by any 

temporary A-key could be programmed into the temporary otfaer convenient user interface 664 such as a keypad or 

subscriber unit 511 via contacts such as battery contacts, ^P^ 0116 , ^ 7°"* ^cognition-capable .subscriber 

similar to security code programming presently being used 45 units ?' 0a< ; m rac * *f f^m^ ***f 

This of course requires an encrypted link between the proximity link can be established via any wirdess technol- 

termmal 505 and home system, due to the sensitivity of even °& ^ ^ P° wer ^ °l evcn lascr >' and couI ^ bc 

a temporary A-key (alternatively, the temporary A-key could established (for example for more secure transacts or as 

be a Kc from the SIU). A SSD would then be generated a backu P> b X means of electrical connectors suitably adapted 

utilizing the new temporary A-key, and the rental unit 511 50 on subscnber umt 660 and tennmal 605 ' 

released for use. Assignment of a time variable or other Once the proximity link is established, the subscriber unit 

parameter into the temporary subscriber unit 511 would transfers a subscriber identity (for example either anIMSIor 

establish a limit for the length of any usage on the temporary a TMSI, depending upon system preferences and 

subscriber unit 5U,tous providing an extra security precau- capabilities) and a service request to the terminal 605. 

tion. The temporary subscriber unit 511 could be further 55 Additional parameters can be entered and transmitted via the 

configured so as to provide a warning to the subscriber as the subscriber unit 660, such as the period for which service is 

end of the rental period approached. desired Alternatively, these additional parmeters could be 

Alternatively, some operators may find it preferable to entered directly through a user interface 623 on the terminal 
have the temporary subscriber unit 511 preprogrammed with 

a MIN and A-key specific to that temporary subscriber unit 60 Upon receipt of the service request, a secure connection 

511. In this case, following successful authentication of a is established from terminal 605 to the local system's 

roaming subscriber, the terminal would provide the MIN to serving location register (VLR 643), and the local system is 

the home system via the visited system VLR. One of the notified of the MSI, service request, and any additional 

location registers within the visited system would act as the parameters. In response, the local system 602 generates 

home location register for the temporary subscriber unit 511, 65 sufficient challenges (RANDs) for the amount of requested 

and would have appropriately stored information including service and forwards the RANDs to the subscriber unit 660 

the network copy of the A-key. Further authentication and via terminal 605. Terminal 605 is further equipped to rec- 
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ognizc the home system and thus the authentication protocol 
and formatting used by the subscriber identity unit of 
subscriber 660, and converts the received RANDs into an 
appropriate home system format (RAND_Hs). Alternatively, 
the SIU itself is equipped to recognize and convert chal- 
lenges and responses received from visited systems 602 into 
its own home system format. In either case, an appropriately 
formatted RAND is received by the user identity unit and 
inputted into an authentication algorithm together with its 
secret key (e.g., Ki) to generate a response (e.g., RESP_H) and 
encryption key (e.g., Kc) for each RAND_H. The resulting 
triplets are appropriately converted and forwarded to (or 
alternatively forwarded and subsequently converted into 
local system protocol (RESP_Vs) at) terminal 605. 

Once the RESP_Vs are received at VLR 643, the MSI, 
location, service request and RAND/RESP_V pairs are for- 
warded to the home system 604 and home location register 
643 or other authenticating center for the user identity unit. 
Upon appropriate conversion of the RAND/RESP pairs into 
its home system protocol, further RESP_Hs and the encryp- 
tion key(s) (Kc) are generated from the RAND_H and stored 
secret key (Ki). The converted RESPs and further RESP_Hs 
are then compared for an authentication match. 

Terminal 605 is then notified of the result, and the 
calculated Kcs are forwarded upon authentication to the 
terminal 605 via VLR 643. VLR 643 stores the RAND_V- 
RESP_V-Kc triplets, and terminal 605 loads the stored triplets 
into the temporary subscriber unit 611, 613. (See steps 
805-885 of FIG. 8). 
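The convert-and-verify exchange described above (the subscriber converts a visited-format RAND_V into its home format RAND_H, answers with its home algorithm and secret key, narrows the response back to the local format; the home system repeats the same conversion and compares), as an added example that is not part of the patent. The bit widths, the HMAC-SHA256 stand-in for the A38/CAVE algorithm, and the conversion rule (hash expansion when widening, truncation when narrowing) are assumptions of this example; the function names `subscriber_respond`, `home_verify` and `run_roaming_exchange` are hypothetical.

```python
"""Toy model of cross-protocol challenge/response authentication (added example)."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


@dataclass(frozen=True)
class AuthProtocol:
    """Bit widths a system uses for its challenge (RAND), response (RESP) and cipher key (Kc)."""
    name: str
    rand_bits: int
    resp_bits: int
    kc_bits: int


# Constructed protocol definitions (assumption): widths loosely modelled on GSM and USDC.
HOME = AuthProtocol("home, GSM-like", rand_bits=128, resp_bits=32, kc_bits=64)
VISITED = AuthProtocol("visited, USDC-like", rand_bits=32, resp_bits=18, kc_bits=64)


def convert_bits(value: int, src_bits: int, dst_bits: int) -> int:
    """Deterministically map a src_bits-wide value onto dst_bits.

    Widening: expand through SHA-256 so every input bit influences the result.
    Narrowing: keep the low dst_bits bits (lossy, but both ends narrow identically).
    The only property the protocol needs is that subscriber and home system agree.
    """
    if value < 0 or value >= 1 << src_bits:
        raise ValueError("value does not fit in src_bits")
    if dst_bits == src_bits:
        return value
    if dst_bits < src_bits:
        return value & ((1 << dst_bits) - 1)
    digest = hashlib.sha256(value.to_bytes((src_bits + 7) // 8, "big")).digest()
    stream = digest * ((dst_bits + 255) // 256)  # enough hash output to cover dst_bits
    return int.from_bytes(stream, "big") >> (len(stream) * 8 - dst_bits)


def a38_stand_in(ki: bytes, rand_h: int, proto: AuthProtocol) -> Tuple[int, int]:
    """Stand-in for the subscriber's secret algorithm (A38/CAVE in the text).

    HMAC-SHA256 keyed with Ki is an assumption chosen so the example runs offline;
    it is not the algorithm of any real network. Returns (RESP_H, Kc).
    """
    mac = hmac.new(ki, rand_h.to_bytes(proto.rand_bits // 8, "big"), hashlib.sha256).digest()
    full = int.from_bytes(mac, "big")
    resp = full >> (256 - proto.resp_bits)
    kc = (full >> (256 - proto.resp_bits - proto.kc_bits)) & ((1 << proto.kc_bits) - 1)
    return resp, kc


def subscriber_respond(ki: bytes, rand_v: int, local: AuthProtocol,
                       home: AuthProtocol) -> Tuple[int, int]:
    """Subscriber side: convert a foreign RAND_V into RAND_H, run the home
    algorithm, and narrow RESP_H to the local response width for transmission."""
    if local == home:  # at home: no conversion needed
        return a38_stand_in(ki, rand_v, home)
    rand_h = convert_bits(rand_v, local.rand_bits, home.rand_bits)
    resp_h, kc = a38_stand_in(ki, rand_h, home)
    resp_v = convert_bits(resp_h, home.resp_bits, local.resp_bits)
    return resp_v, kc


def home_verify(ki_store: Dict[str, bytes], msi: str, rand_v: int, resp_v: int,
                local: AuthProtocol, home: AuthProtocol) -> Tuple[bool, Optional[int]]:
    """Home system side: repeat the subscriber's conversion and computation, then
    compare in the *local* width (narrowing cannot be reversed, so the home system
    narrows its own expected response instead). Returns (match, Kc or None)."""
    ki = ki_store.get(msi)
    if ki is None or not (0 <= resp_v < 1 << local.resp_bits):
        return False, None  # unknown subscriber or malformed response: reject
    expected_v, kc = subscriber_respond(ki, rand_v, local, home)
    width = (local.resp_bits + 7) // 8
    match = hmac.compare_digest(expected_v.to_bytes(width, "big"),
                                resp_v.to_bytes(width, "big"))
    return match, (kc if match else None)


def run_roaming_exchange(ki: bytes, msi: str = "001010123456789",
                         rand_v: Optional[int] = None) -> Tuple[bool, int, int, Optional[int]]:
    """One full exchange: visited system issues RAND_V, the subscriber answers,
    the home system verifies. Returns (match, RESP_V, subscriber Kc, home Kc)."""
    if rand_v is None:
        rand_v = secrets.randbits(VISITED.rand_bits)
    resp_v, kc_sub = subscriber_respond(ki, rand_v, VISITED, HOME)
    match, kc_home = home_verify({msi: ki}, msi, rand_v, resp_v, VISITED, HOME)
    return match, resp_v, kc_sub, kc_home


if __name__ == "__main__":
    ok, resp, kc1, kc2 = run_roaming_exchange(bytes(range(16)))
    print(f"match={ok} RESP_V={resp:#07x} Kc agree={kc1 == kc2}")
```

Two points the model makes visible: both ends derive the same Kc without the key ever leaving the home system or the subscriber, and the comparison necessarily happens at the narrower (visited) response width, so the visited format's response length, not the home algorithm, bounds how much a single challenge proves; the home system also rejects unknown identities and out-of-range responses before any comparison and compares in constant time.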

In addition to providing a temporary subscriber unit 611, 
613, or a temporary smart card 616 for use in a temporary 
subscriber unit 613, terminal 605 itself could be used as a 
fixed end system or wireless fixed system for user services. 
For example, terminal 605 could include a video terminal 
617 and user input 623 (keyboard, microphone or the like) 
or even a hard copy output such as a fax machine 621. 
Where the terminal is connected via wireless means to the 
local system 602, authentication and initiation of these 
services would proceed as described above in connection 
with FIG. 8. It is also possible, where the terminal is 
connected directly to a voice (such as PSTN 650) or data 
network, to connect terminal 605 directly with home system 
604 to receive authentication and obtain the desired com- 
munications. In this latter case, a simplified authentication 
procedure can be used in which the HLR 643 generates the 
necessary RANDs for the requested services and verifies the 
subsequent signed responses, all while using a more or less 
direct connection via the PSTN 650 to terminal 605. 
Alternatively, terminal 605 can generate the necessary 
RANDs ahead of time, obtain responses (RESPs), and 
forward a RAND-RESP pair as service is desired. For 
example, were an executive to notify a terminal 605 in a 
meeting room that all faxes should be sent to terminal 605 
for a set time, terminal 605 would generate sufficient 
RANDs (e.g., based on a time parameter communicated by 
the subscriber executive) to last the set time. The subscriber 
unit 660 would generate the RESPs, and terminal 605 would 
communicate the subscriber unit 660 MSI, request for 
service, and a RAND/RESP pair, via PSTN 650 or VLR 643 
if using wireless means, for authentication by the home 
system 604. Upon authentication, the home system 604 
would store an indicator that faxes for the set time period 
should be forwarded to terminal 605. When a fax is ready to 
be forwarded, an additional RAND/RESP pair can be used 
to authenticate terminal 605 prior to actual transmission. 

Because the user identity unit may be used to optionally 
activate several temporary subscriber units or services at a 
time, it is advantageous for subscriber unit 660 to come 
equipped with a user interface 664 which includes a display 
for alerting the user about the number and types of devices 
that are currently active as subscriber "proxies" or tempo- 
rary subscriber units. It is also particularly advantageous to 
include in each of the subscriber units a protocol for turning 
off or "timing out" the unit at the end of the user's specified 
service period. A temporary subscriber unit so equipped 
would prompt the user toward the end of the service period 
about the need to reestablish a proximity link and obtain 
authorization for further service/additional triplets. Upon the 
end of such period without appropriate further 
authentication, the temporary subscriber unit would be 
equipped to delete any temporary identifier (TMSI) and 
triplets loaded into the temporary subscriber unit, and the 
user would be prompted to return the temporary subscriber 
unit to a terminal for further service. The temporary sub- 
scriber unit would also be equipped to delete any user 
specific information before the end of the service period 
specified in response to a user deactivation. (See steps 
905-925 of FIG. 9). 
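The end-of-period behaviour described above (warn the user as the period nears its end, delete the TMSI and loaded triplets at expiry absent further authentication, and delete them immediately on user deactivation), as an added example that is not part of the patent. The class, its method names, the warning threshold and the injectable fake clock are assumptions of this example; real units would tie the wipe to volatile memory and a hardware timer.

```python
"""Toy model of a temporary subscriber unit's credential lifecycle (added example)."""
import time
from dataclasses import dataclass, field
from typing import Callable, List, Optional, Tuple

Triplet = Tuple[int, int, int]  # (RAND, RESP, Kc) as integers


@dataclass
class TemporarySubscriberUnit:
    """A proxy device that holds only what the terminal loaded into it and wipes
    that state when the service period ends or the user deactivates it."""
    clock: Callable[[], float] = time.monotonic  # injectable for deterministic tests
    warn_before_s: float = 60.0
    tmsi: Optional[int] = None
    triplets: List[Triplet] = field(default_factory=list)
    expires_at: Optional[float] = None
    warned: bool = False

    def load(self, tmsi: int, triplets: List[Triplet], service_period_s: float) -> None:
        """Terminal step after the home system has authenticated the user."""
        if service_period_s <= 0 or not triplets:
            raise ValueError("need a positive service period and at least one triplet")
        self.tmsi = tmsi
        self.triplets = list(triplets)
        self.expires_at = self.clock() + service_period_s
        self.warned = False

    def active(self) -> bool:
        return self.expires_at is not None and self.clock() < self.expires_at

    def tick(self) -> Optional[str]:
        """Housekeeping to run periodically: warn near the end of the period and
        wipe at expiry. Returns an event description or None."""
        if self.expires_at is None:
            return None
        remaining = self.expires_at - self.clock()
        if remaining <= 0:
            self.wipe()
            return "expired: TMSI and triplets deleted; return unit to a terminal for further service"
        if not self.warned and remaining <= self.warn_before_s:
            self.warned = True
            return "warning: service period ending; re-establish proximity link for further triplets"
        return None

    def next_triplet(self) -> Optional[Triplet]:
        """Hand out one RAND/RESP/Kc triplet for a service transaction; each is used once."""
        self.tick()
        if not self.active() or not self.triplets:
            return None
        return self.triplets.pop(0)

    def deactivate(self) -> str:
        """User deactivation before the period ends: delete immediately."""
        self.wipe()
        return "deactivated: TMSI and triplets deleted"

    def wipe(self) -> None:
        self.tmsi = None
        self.triplets.clear()
        self.expires_at = None
        self.warned = False


class FakeClock:
    """Constructed clock so the lifecycle can be stepped deterministically."""
    def __init__(self, start: float = 0.0) -> None:
        self.now = start

    def __call__(self) -> float:
        return self.now


def demo() -> List[str]:
    """Walk one unit through load, use, warning and expiry; returns the event log."""
    clock = FakeClock()
    unit = TemporarySubscriberUnit(clock=clock, warn_before_s=60.0)
    # Constructed sample: one TMSI and two triplets for a ten-minute service period.
    unit.load(tmsi=0x1A2B3C, triplets=[(11, 22, 33), (44, 55, 66)], service_period_s=600.0)
    log = [f"used triplet {unit.next_triplet()}"]
    clock.now = 550.0
    log.append(unit.tick() or "no event")
    clock.now = 600.0
    log.append(unit.tick() or "no event")
    log.append(f"triplet after expiry: {unit.next_triplet()}")
    return log


if __name__ == "__main__":
    print("\n".join(demo()))
```

Every path that ends the period goes through the same `wipe`, so an expired or deactivated unit cannot hand out a triplet or present a TMSI; `next_triplet` runs the housekeeping first so a unit that is polled only when used still expires on time.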

Because the user has not relinquished his security cre- 
dentials resident on the user identity unit, special services 
may be originated/delivered to any one of a number of target 
subscriber units appropriately authenticated by the user, and 
the user's own phone 660 may still simultaneously be used 
for originating and receiving ordinary voice calls if com- 
patible with the local system air interface and network. The 
user interface 664 reminder feature serves to alert the user as 
to how many devices (and types) are currently under proxy 
rendering temporary services (for example, a "service" icon 
could show that a video conferencing terminal, a fax 
machine, and the subscriber unit 660 itself were active for 
services). This may beneficially prompt the user to terminate 
services no longer being used. Further, if a predetermined 
amount of service is requested (such as the setting of a time 
period or billing amount) an additional safeguard is provided 
in limiting the amount of service which can be misdirected 
if, for example, the user were to leave an activated fax 
machine unattended. 

The invention has been described with reference to sev- 
eral illustrative embodiments. As the above description will 
make apparent to one skilled in the art, however, there are 
various modifications and further embodiments that can be 
made without departing from the spirit and scope of the 
invention. Thus, for example, under appropriately config- 
ured systems the particular authentication methods 
described in connection with FIGS. 3 and 4 can also be used 
in connection with the embodiment of FIG. 6, both for 
service provided to subscriber unit 660 (if appropriately 
configured for the local air interface) and for the terminal 
605. A skilled artisan will appreciate that modifications may 
be employed in the specific interworking of authentication 
functions depending upon the particular protocols and inter- 
faces being used in systems between which user roaming is 
to be implemented. Further, while the illustrative embodi- 
ments were described in connection with cellular or PCS 
services, it should be understood that the invention has 
application to all communication systems requiring 
authentication, including satellite based, paging and other 
wireless data, cable and other fixed end terminals commu- 
nicating via wire or fiber optic channels. Finally, while the 
above description illustrated the invention by discussion of 
authentication for one subscriber, it should be understood 
that the invention has application to, and indeed expects, 
plural systems to be concurrently processing numerous 
subscriber authentication requests. Thus, this invention is 
not to be limited to the specific embodiments discussed and 
illustrated herein, but rather by the following claims. 
We claim: 

1. A method of authenticating a subscriber unit in a 
wireless communication system comprising the steps of: 

receiving a request for authentication of the subscriber 
unit from a first communication system; 

determining that the first communication system uses a 
first system authentication protocol different from a 
second system authentication protocol used in the sub- 
scriber unit; and 

generating authentication information in the first system 
authentication protocol by generating a challenge and a 
response and by converting the challenge and response 
from the second system authentication protocol into a 
challenge and response in the first system authentica- 
tion protocol. 

2. A method of generating authentication information for 
use in authenticating a subscriber unit of a wireless commu- 
nication system, the method comprising the steps of: 

receiving a request for service from the subscriber unit; 

generating a first authentication challenge based on a first 
authentication protocol; and 

converting the first authentication challenge into a second 
authentication challenge in a second authentication 
protocol. 

3. The method of claim 2, further comprising generating 
a first response based on the first authentication challenge. 

4. The method of claim 3, further comprising converting 
the first response into a second response in the second 
protocol. 

5. The method of claim 4, further comprising sending the 
second authentication challenge and the second response to 
the subscriber unit. 

6. The method of claim 2, wherein the first authentication 
protocol is used in a first communication system and the 
second authentication protocol is used in a second commu- 
nication system. 

***** 